Haxored

Anyway...

Hi Paul, Your email has been forwarded on to me by our datacentre provider. We provide the web hosting for slowdown.co.uk the site uses host header on the IP address 83.245.15.61. The attack did not originate from this IP address. However the hacker did deface a number of sites on the server. We believe he used a brute force password cracker on about 10 websites. Unfortunately there is not allot in the logs that is useful. However we shall be adding an IDS system to the server by the end of the week to prevent this from happening again. Please don't hesitate to contact me with any further questions or problems. Best Regards Adam Heavens Managing Director Server Centre Limited Email: adam.heavens@servercentre.net Tel: 0870 7606745 DDI: 0115 9419191 Mobile: 0773 4218194

Paul, Thanks for the heads up, we're investigating. Regards, Ed Butler RapidSwitch Ltd DDI: 020 7106 0731

Or even simpler just look for web pages that have a .asp extension as Google shows these under the decription of the site in searches.

Defacing sites that are running on servers with 'write' permissions enabled on directories within the site is a very old hacking trick and there are plenty of hacking tools to do this that are readily available.

Most hackers don't even both with this type of amateurish stuff, but there are still plenty of 13 year old skript kiddies with to much time on their hands who will use these tools to over-write files on un-secured sites.

Expect more of this type of thing with the summer holidays comming up.

Hello All,
I realize this topic is a few days old but thought I would throw in my 2 cents since i am just now catching up.   Windows 2003 SP1 comes with a tool called the Security Configuration Wizard. I highly recommend that anyone running Windows 2003 upgrade to SP1 and run this tool. While you are running this Wizard, it will ask you if you want to remove write priviledges on web folders.  It will also custom build you a Windows firewall based on the application you have installed, I DO NOT recommend this firewall be your only line of defense between you and the internet, but the more layers between you and the bad guys the better.   W2K3 SP1 also improves and hardens IIS 6.  So, if you run your own site and have the ability to upgrade to W2K3 SP1 and Run the Security Configuration Wizard, do so ASAP**. WWF still works perfectly after you harden your servers. You will, however, need to go back and add write permissions to the 'uploads' once you complete the wizard if you allow Image and Avatar uploads from your site, but only on the 'Uploads' folder.

This will by no means make your server unhackable, but it adds another layer of complexity for anyone trying to mess it up.

 **As always, read up on the Security Configuration Wizard before winging the upgrade.  MS has tons of articles on this... Google it and make sure you know a little more about it before hand. Never hurts.

Later,

Your site says version 7.01... did you upgrade to the 7.9 files before applying the 7.92 files?  It looks to me as if all the files have not been updated.  Just a thought, I could be wrong.  Also... make sure you post your errors so we can see them... I took the liberty for you:

Microsoft VBScript runtime error '800a01f4'

Variable is undefined: 'removeLongText'

/forum/post_message.asp, line 298